Vulnerability Details : CVE-2006-0708
Potential exploit
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
Vulnerability category: Execute code
Products affected by CVE-2006-0708
- cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0708
16.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0708
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2006-0708
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24741
-
http://www.securityfocus.com/bid/16623
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24739
-
http://forums.winamp.com/showthread.php?s=&threadid=238648
-
http://securityreason.com/securityalert/492
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24740
-
http://securitytracker.com/id?1015621
Exploit
-
http://securityreason.com/securityalert/444
-
http://www.vupen.com/english/advisories/2006/0613
-
http://www.securityfocus.com/archive/1/424903/100/0/threaded
Jump to